Network Perimeter Security: Building Defense In-Depth
Features
Summary
Today's network administrators are fully aware of the importance of security; unfortunately, they have neither the time nor the resources to be full-time InfoSec experts. Oftentimes quick, temporary security fixes are the most that can be expected. The majority of security books on the market are also of little help. They are either targeted toward individuals pursuing security certifications or toward those interested in hacker methods. These overly detailed volumes fail to deliver the easily referenced tactical information needed to provide maximum security within the constraints of time and budget.
Network Perimeter Security: Building Defense In-Depth reveals how you can evaluate the security needs of your network, develop a security policy for your company, and create a budget based upon that policy. It assists you in designing the security model, and outlines the testing process.
Through the concepts and case studies presented in this book, you will learn to build a comprehensive perimeter defense architecture based upon multiple layers of protection, with expert recommendations for configuring firewalls, routers, intrusion detection system, and other security tools and network components. This detailed volume enables you to secure your network on time, within budget, and without having to pursue attain a security certification.
Table of Contents
PREFACE
Who is this Book For?
The Path to Network Security
Who Should Read This Book?
MANAGING NETWORK SECURITY
The Big Picture: Security Policies from A to Z
Administrative Countermeasures
Physical Countermeasures
Technological Countermeasures
Creating the Security Standards Document
Creating the Configuration Guide Document
Pulling it All Together: Sample Security Policy Creation
Proteris Security Standards and Procedures
THE NETWORK STACK AND SECURITY
Connecting the Network
Protocols
Servers and Hosts
CRYPTOGRAPHY AND VPN TERMINOLOGY
Keys
Certificates
Hashing
Digital Signatures
Common Encryption Algorithms
Split Tunneling
APPLICATION SECURITY NEEDS
The Network Time Protocol
Domain Name System Servers
ACCESS CONTROL
Passwords
Biometrics
RADIUS/TACACS+
THE PUBLIC KEY INFRASTRUCTURE
PKI Protocols
PKI Implementation
FIREWALLS
Types of Firewalls
Decisions, Decisions
Router Security Considerations
The Router as the Firewall
Improving Your Security Beyond Basic Packet Filtering
Application Layer Filtering
Specific Protocol Considerations
Additional Router Firewall Features
Writing and Applying Filters
Maintaining Firewalls
NAT, Firewalls, VPNs and the DMZ
INTRUSION DETECTION SYSTEMS
Signature Based IDS
Statistical Based IDS
Host Based versus Network Based IDS
Tuning the IDS
IDS Placement
Reactive IDS
Integrating the Firewall and IDS
Other IDS Systems
VIRTUAL PRIVATE NETWORKS
VPN Limitations
VPN Solutions
IP-Based Virtual Private Networks
Internet Protocol Security
Key Exchanges
Internet Key Exchange
Integrating Network Address Translation and IPSec
Integrating the VPN and Firewall
Quality of Service and the VPN
WIRELESS NETWORK SECURITY
NETWORK PENETRATION TESTING
Outsourcing Network Penetration Testing
Putting it all Together
INCIDENT RESPONSE
Prevention
Detection
Evaluation
Containment
Investigation
Eradication
Post-Mortem
DISASTER RECOVERY AND CONTINUITY PLANNING
Types of Disaster Recovery Plans
ACCEPTABLE USE POLICIES
THE FINAL WORD
